I'm new to BGP, so I have a couple of questions on a failover scenario. I will include a link at the bottom to the topology of the network. First off, I got rid of the stacked switch and I made an iBGP connection between the two and ISP 1 and ISP 2, and have the ASA in active/standby mode, as I want ISP1 to be primary and ISP2 to be secondary. I have that part figured out. My question is: how do I get the traffic to route to the tertiary location if we have an outage on both ISP network communication? Keep in mind this is a 24/7 operation. Just some ideas to get me rolling; I'm lost on where to start with this. If you need me to elaborate, I can do so! Let me know!
Thanks in advance!
For outbound traffic towards the ISP, you can set your weight or local pref to prefer routes. For example, on Routers 1, 2, and 3, you could set local pref to 130, 120, and 110. The higher local pref is preferred, and it's carried throughout your routing domain for all of the other routers to know about (ibgp only).
You'd create a route map on all 3 routers and then apply that to your neighbor inbound:
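ip prefix-list PreferRouter1ISP permit 0.0.0.0/0 le 32
!
route-map PreferRouter1ISP permit 10
 match ip address prefix-list PreferRouter1ISP
 set local-preference 130
route-map PreferRouter1ISP permit 20
!
router bgp 100
 ! <ISP-neighbor-IP> is a placeholder for the address of this router's ISP peer
 neighbor <ISP-neighbor-IP> route-map PreferRouter1ISP in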
This would set all routes that are received from the ISP to local pref of 130. Any routes learned from your ibgp neighbors will not be preferred.
You would configure this on all of your other routers, but for their respective neighbors.
*** Please rate all useful posts ***
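Added example, not part of the original posts: a simplified Python model of the first Cisco best-path steps (weight, local pref, AS-path length, eBGP over iBGP) showing why the 130/120/110 local pref values give a primary/secondary/tertiary exit for every router, while the same numbers applied as weight would not. The router names R1 to R3 and the sample routes are constructed for illustration.

```python
"""Simplified model of the first BGP best-path steps on Cisco IOS (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    edge: str            # router holding the eBGP session (R1..R3 are assumed names)
    local_pref: int      # set by the inbound route-map, carried to iBGP peers
    weight: int = 0      # set inbound on the edge router, never leaves it
    as_path_len: int = 1


def exit_router(router, routes, failed=()):
    """Edge router that `router` picks for the ISP routes, or None if all are gone."""
    candidates = []
    for r in routes:
        if r.edge in failed:
            continue                      # eBGP session down: route withdrawn
        own = r.edge == router            # learned over eBGP on this router
        candidates.append((r.weight if own else 0,   # 1. highest weight
                           r.local_pref,             # 2. highest local pref
                           -r.as_path_len,           # 3. shortest AS path
                           own,                      # 4. eBGP over iBGP
                           r.edge))
    return max(candidates)[-1] if candidates else None


def failover_order(router, routes):
    """Exits used by `router` as the currently preferred ISP session fails each time."""
    order, failed = [], []
    while (best := exit_router(router, routes, failed)) is not None:
        order.append(best)
        failed.append(best)
    return order


# Constructed sample data: the 130/120/110 values from the post above.
LOCAL_PREF = [Route("R1", 130), Route("R2", 120), Route("R3", 110)]
# Same numbers applied as weight instead, local pref left at the default 100.
WEIGHT_ONLY = [Route("R1", 100, 130), Route("R2", 100, 120), Route("R3", 100, 110)]

if __name__ == "__main__":
    for name in ("R1", "R2", "R3"):
        print(name, failover_order(name, LOCAL_PREF), exit_router(name, WEIGHT_ONLY))
```

With local pref every router fails over R1, then R2, then R3; with weight only, each router simply uses its own ISP because weight is not advertised to iBGP peers.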
This is great! Thanks for the help on this. I will put this to work on the test env and do some testing!
I have a Cisco 3845 router on which two ISP links are terminated (one is TATA with 100 Mbps and the second is Airtel with 10 Mbps). We want to use TATA as primary and Airtel as a backup, meaning if TATA fails, Airtel should work, and the BGP configuration is done.
The problem is that when I test the bandwidth with Speedtest, I am getting an upload speed above 80 Mbps and a download speed of only 10 Mbps, and I observed that it is asymmetric routing. Please help me resolve this problem. Below is the BGP configuration.
ip address 188.8.131.52 255.255.255.252
ip accounting output-packets
ip flow ingress
description "TATA link"
ip address 184.108.40.206 255.255.255.252
ip flow ingress
ip flow egress
ip virtual-reassembly in
BGP config :-
Router#router bgp 145545
network 220.127.116.11 mask 255.255.255.0
neighbor 18.104.22.168 remote-as 17362
neighbor 22.214.171.124 weight 600
neighbor 126.96.36.199 prefix-list default-route in
neighbor 188.8.131.52 remote-as 9438
neighbor 184.108.40.206 weight 500
neighbor 220.127.116.11 prefix-list default-route in
neighbor 18.104.22.168 route-map AIRTEL_FILTER out
ip prefix-list default-route seq 10 permit 0.0.0.0/0
route-map AIRTEL_FILTER permit 10
match ip address 10
set as-path prepend 135595 135595 135595
Router#sh ip bgp nei 22.214.171.124 advertised-routes
BGP table version is 56, local router ID is 126.96.36.199
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 188.8.131.52/24 0.0.0.0 0 32768 i
In this scenario, you also have to consider the failover for traffic which is incoming from your ISP (i.e. the Internet) as well. Below is the scenario. I have named the Blue Box InternalNW1 and the Green Box InternalNW2.
In the event of the firewalls or the link between the firewalls and the GW routers going down together in InternalNW1, the GW routers are still up and announcing your local supernets to the Internet (this is when you statically announce supernets, with supernet static routes pointing to Null0 added).
++ In the above scenario, all your traffic will come into the InternalNW1 GW routers and get blackholed. However, if you are using dynamic announcement from these GWs, then obviously in this scenario the announcements will be withdrawn from the Internet and only the GWs from InternalNW2 will announce the supernets to the Internet. You have to ensure that the supernets of InternalNW1 are announced from the GWs of InternalNW2 with a higher metric (like AS prepend etc.) and vice versa.
In addition to this, for the outgoing traffic flow, is it that you want all the traffic to exit from a single ISP? That is, would the egress traffic from InternalNW2 to the Internet traverse the shared 100Mbps microwave link to InternalNW1 and then ride over InternalNW1 and go to the Internet?
++ In the above scenario, if you want the traffic to exit the local GWs to the Internet, then you need to have the same local preference configured on the GW routers of both InternalNW1 and InternalNW2, so that traffic local to each internal NW will take its local gateway to the Internet, and in the event of a failure InternalNW1 and InternalNW2 will back each other up. However, please ensure your announcements to the Internet are made in such a way that the traffic to InternalNW1 and InternalNW2 comes into the network via their respective GWs. This would avoid asymmetrical routing and unnecessary load on the shared 100Mbps microwave connection between InternalNW1 and InternalNW2. In this manner you can efficiently utilize the shared 100Mbps link between InternalNW1 and InternalNW2, and only the traffic between InternalNW1 and InternalNW2 will be utilizing this link.
There are other ways as well to achieve your requirement, based on your design considerations, impact and link capacities across InternalNW1 and InternalNW2, and expected link utilization scenarios.
I hope this helps.
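Added example, not part of the original posts: a small Python model of the inbound failure case described above, comparing a supernet pinned by a static route to Null0 with a dynamically originated one when the inside of InternalNW1 is lost. The prefixes are documentation ranges, the three-hop prepend is a constructed value, and the model assumes the Internet picks the shortest AS path and that a healthy gateway can reach either site over the inter-site link.

```python
"""Inbound failover model for two sites announcing each other's supernets (added example)."""
from dataclasses import dataclass


@dataclass
class Gateway:
    site: str
    prepends: dict              # supernet -> extra AS-path hops on the announcement
    static_null0: bool          # supernet held in the table by a static route to Null0
    inside_up: bool = True      # firewalls / link behind this gateway are working

    def announces(self, supernet):
        # A Null0 static keeps the prefix announced whatever happens inside;
        # a dynamically learned prefix is withdrawn when the inside is lost.
        return supernet in self.prepends and (self.static_null0 or self.inside_up)


def inbound(supernet, gateways):
    """Return (site the Internet sends traffic to, whether it is delivered)."""
    offers = [(1 + g.prepends[supernet], g.site, g)
              for g in gateways if g.announces(supernet)]
    if not offers:
        return None, False
    _, site, gw = min(offers, key=lambda o: o[:2])   # shortest AS path wins
    # Assumption: a healthy gateway reaches either site over the inter-site link.
    return site, gw.inside_up


def build(static_null0, nw1_inside_up=True):
    """Constructed topology; the prefixes are documentation ranges."""
    nw1, nw2 = "192.0.2.0/24", "198.51.100.0/24"
    return [Gateway("InternalNW1", {nw1: 0, nw2: 3}, static_null0, nw1_inside_up),
            Gateway("InternalNW2", {nw1: 3, nw2: 0}, static_null0)]


if __name__ == "__main__":
    for static in (True, False):
        print("static Null0" if static else "dynamic",
              inbound("192.0.2.0/24", build(static, nw1_inside_up=False)))
```

With the static Null0 route the traffic for InternalNW1 still lands on its own gateways and is dropped; with dynamic origination the announcement is withdrawn and the prepended path through InternalNW2 takes over.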
The first scenario is more of what we use, and I assumed that when I announce these routes, InternalNW2 would have to be at a higher metric or local pref. And thanks for the help! I'll look into dynamic announcements and see what I can come up with.